Five minute practical

Open up the command prompt on your computer, and type netstat -an. You should now see the listening and established ports; count them, and write the numbers down. Run the command shutdown /r /t 0 to immediately reboot the machine. Log back in, go to the command prompt, and run netstat -an; what is the difference? You will see that you have lost information that could have been used as evidence:

Volatile evidence summary

  • Web-based attack: Capture network traffic
  • Computer attack: CPU cache then RAM
  • Removable drive: Volatile memory using RAM
  • Command line: netstat -an
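
The practical above can be scripted so the comparison is exact rather than a hand count. The following is an added example, not code from the book: it parses two saved netstat -an outputs, counts the listening and established entries, and lists the connections that vanished with the reboot. The sample outputs and all addresses in them are constructed.

```python
from collections import Counter

# Constructed sample output of `netstat -an` on Windows (not from a real host).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49730     198.51.100.7:8443      ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""
# Constructed output of the same command after `shutdown /r /t 0`.
AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def parse_netstat(text):
    """Return a set of (proto, local, foreign, state) tuples from `netstat -an` text."""
    rows = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the column header and blank lines
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no State column
        rows.add((parts[0], parts[1], parts[2], state))
    return rows

def state_counts(rows):
    """Count rows per TCP state, e.g. LISTENING and ESTABLISHED."""
    return Counter(state for _, _, _, state in rows if state)

def lost_after_reboot(before, after):
    """Entries present before the reboot but absent afterwards."""
    return sorted(parse_netstat(before) - parse_netstat(after))

if __name__ == "__main__":
    print("before:", dict(state_counts(parse_netstat(BEFORE))))
    print("after: ", dict(state_counts(parse_netstat(AFTER))))
    for row in lost_after_reboot(BEFORE, AFTER):
        print("lost:", *row)
```

On a live machine, redirect the command to a file before the reboot (netstat -an > before.txt) and feed the file contents to parse_netstat.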

Exam tip: Capturing the network traffic is the first step in remote or web-based attacks so that you can identify the course.
  • Chain ...
